
Compyl expands services beyond compliance for Torstone by implementing a world-class vendor management program.
COMPANY
Torstone
LOCATIONS
London, New York, Singapore, and Tokyo.
EMPLOPYEES
250+
INDUSTRY
FinTech
Solution
SOC 2 Type II Vendor Management
YEARS ON COMPYL
Over 3 years
INTEGRATION
Compyl integrations connect to Torstone's tech stack to automate the evidence-gathering process.
FASTER AUDIT
Compyl has reduced audit times by 80% by centralizing all evidence into a single location.
SCALABLE PROGRAM
Compyl's platform allows Tostones to adopt new requirements across multiple regions quickly.

The Overview
Torstone Technology, a leading global SaaS platform for post-trade securities and derivatives processing, has been using Compyl for several years now, focusing on automating its SOC2 and ISO27001 compliance program. With offices in London, New York, Singapore, and Tokyo, Torstone saw the need for a more robust and centralized vendor management program that limits manual effort, establishes a comprehensive process across all departments involved, and ensures that suppliers are within the company’s risk acceptance level.
The Challenge
From a compliance perspective, Torstone’s vendor management program has been what’s required of them; however, as they matured over time, the company realized that less manual effort can increase productivity, limit costs and limit the risk exposure to today’s changing supply chain risk landscape. Vendor due diligence requirements were not as straightforward or defined; hence a risk-based approach was needed to limit risk and increase visibility.
The Solution
The Compyl platform had already been implemented for Torstone, which helped them to reduce their audit time by 80%; however, additional functionality was needed to improve their vendor risk profile. Therefore the Vendor Management module was added to Torstone’s Compyl instance. Compyl has improved the vendor risk management program for Torstone over two months which included:
- Compyl’s unique and semi-automated policy generator allowed for quick vendor risk management policy development and implementation.
- A vendor register was established that holds necessary information, including but not limited to vendor profile, risk rating, current and previous assessments, contracts, supporting documentation, and additional information, custom to Torstone’s needs.
- Torstone, with the help of Compyl’s information security experts, has built unique security assessments via the tool’s assessment builder. This allowed Torstone to design and create an unlimited number of custom assessments based on best practice frameworks, standards, risk acceptance levels, and recent security breaches.
- Through a unique integration with JIRA and Slack, vendor managers are always up to date with any upcoming assessments or contract expiry/renewal.
- Compyl’s customer success team trained vendor managers on the new policy and how to use the tool to comply with the new requirements.
Compyl has enabled Torstone to streamline its supply chain risk management program and allowed a more comprehensive view of suppliers. A complete understanding of security posture, privacy compliance, type of access, and data processed by suppliers is now established and maintained through automation. Request a demo to learn more about what we can do for you.